authorRobin H. Johnson <robbat2@gentoo.org>2011-01-26 01:49:29 +0000
committerRobin H. Johnson <robbat2@gentoo.org>2011-01-26 01:49:29 +0000
commit6c35a487deee4a9a7ab9ea291a68318514a817b0 (patch)
tree7b1b4be515f61d01c3824d6fdc65a6d0082a2f17 /net-mail/qmailadmin
parentBug #292546: Ensure correct build with vpopmail-mysql. (diff)
Bug #269123: fix quota overflow security vulns.
Package-Manager: portage-2.2.0_alpha19/cvs/Linux x86_64
Diffstat (limited to 'net-mail/qmailadmin')
-rw-r--r--net-mail/qmailadmin/Manifest3
-rw-r--r--net-mail/qmailadmin/files/qmailadmin-1.2.12-quota-overflow.patch118
-rw-r--r--net-mail/qmailadmin/qmailadmin-1.2.15.ebuild6
3 files changed, 124 insertions, 3 deletions
diff --git a/net-mail/qmailadmin/Manifest b/net-mail/qmailadmin/Manifest
index ba8b0a48eea5..e44765c54a0c 100644
--- a/net-mail/qmailadmin/Manifest
+++ b/net-mail/qmailadmin/Manifest
@@ -1,9 +1,10 @@
+AUX qmailadmin-1.2.12-quota-overflow.patch 3613 RMD160 5deade4a688265faeb6949e4683f14c2ee93dedd SHA1 9f7f67838d331fa2eb5959ae37756bfa3bd22495 SHA256 82bc168a1c52f26a02fdd568d6bea0323d4a7508241861cd523037fbcefbdddb
AUX qmailadmin-1.2.9-maildir.patch 253 RMD160 d3f2ec39cd95a83ee274dd07651245bf077175d6 SHA1 1660688779c1f5ef26ac3998cd7cbaf0bdb13526 SHA256 038e72a7770883e6418a10dfacd80d414ff504d554d798e2f42b5a2dadf98caf
DIST qmailadmin-1.2.10.tar.gz 390150 RMD160 1220d99d2f228011760ce670fea94f3e5a019506 SHA1 80ec9159535e08ae10a7690ff403d77ea33c17d0 SHA256 24f27697c268a0031145d1fe3b597f0e3e55af41a09f5c6d499b6c2409ce771b
DIST qmailadmin-1.2.12.tar.gz 400144 RMD160 6aa50a9075c97ecfb7db1e1cf6eed31ea9ec0e11 SHA1 89f87e1a3b25e7fcee74296721347454b838e32c SHA256 926c6dd91540aed9b011e0c3623ed108acdb5ecc3d6cff8f08731c2f2bba42c4
DIST qmailadmin-1.2.15.tar.gz 385529 RMD160 b42907514dc19551434256a4d505064baa098a4d SHA1 33aaa3328a50d64396ad157724e87c84f1bcb3cd SHA256 3b8bb55a5e567497434c7cf9cbaf8cd73f85b8fa5c56b4bebdf7aef8b2c70db7
EBUILD qmailadmin-1.2.10.ebuild 2740 RMD160 a24f315eb335407e60d475a5224f7554d33bf4b0 SHA1 b6ae7c63594ba58c2302aa48cec840671ba905f9 SHA256 86a413d3dc864995b74f4cc6f12abfcac2b563c5fb99f858274cf5fe1d0b18ed
EBUILD qmailadmin-1.2.12.ebuild 2264 RMD160 707772055a23d89622a5d37984c55bee6c28c1fd SHA1 1521cf328f5ed5e1e185d3c182e462a28b4bb761 SHA256 ae9a7c38fe06eacdcde1c66c8574f04689180c3d258da8014c594020dc8dbc00
-EBUILD qmailadmin-1.2.15.ebuild 2530 RMD160 23f6bbef102e2e718bcc6e59292e5d23d254c9ae SHA1 7d95d112c86b01a85e5005b2937f19352ee6b14b SHA256 aa0d04af68c82f89ad27db936ba61438e2c96c48a17a0270444b42a674a7e0c0
+EBUILD qmailadmin-1.2.15.ebuild 2609 RMD160 8f8413c5cf5977d658bae6f3a7dab24d148ad1f6 SHA1 d749dd73ad1d4f7c3a63f2bc394fbb1a29f76b35 SHA256 bcc2d85df9639bb28146940d45d1e39bbeeee55e25157fc515ebc815b559d5fa
MISC ChangeLog 3925 RMD160 cfb2be375b1a89dd539f813db6ac407f211ca357 SHA1 9500323128d68a9af3a1523ab118abaeef41232f SHA256 69d1519a4a51b554a729b4584a58b18337e9f85aecf5ac5911f4c553fa35ad74
MISC metadata.xml 306 RMD160 943180e5834beb3fdb7c9aceff3ae54c16862c81 SHA1 9aa811589b40d70c5cf1e6faa15b9d32e35b5726 SHA256 6e23cbfe8a4fc080cd916a2bee406af0d799862c23e1a912a348aac61046af24
diff --git a/net-mail/qmailadmin/files/qmailadmin-1.2.12-quota-overflow.patch b/net-mail/qmailadmin/files/qmailadmin-1.2.12-quota-overflow.patch
new file mode 100644
index 000000000000..b4c5aa90248a
--- /dev/null
+++ b/net-mail/qmailadmin/files/qmailadmin-1.2.12-quota-overflow.patch
@@ -0,0 +1,118 @@
+diff -Nurp qmailadmin-1.2.12/util.c qmailadmin-1.2.12.new/util.c
+--- qmailadmin-1.2.12/util.c 2007-09-21 19:27:40.000000000 -0400
++++ qmailadmin-1.2.12.new/util.c 2009-07-11 01:54:02.000000000 -0400
+@@ -19,10 +19,11 @@
+
+ #include <stdio.h>
+ #include <stdlib.h>
++#include <stddef.h>
++#include <errno.h>
+ #include <string.h>
+ #include <unistd.h>
+ #include <sys/stat.h>
+-#include <unistd.h>
+ #include <pwd.h>
+ #include <dirent.h>
+ #include <ctype.h>
+@@ -352,41 +353,70 @@ char *get_quota_used(char *dir) {
+ back to bytes for vpasswd file
+ return value: 0 for success, 1 for failure
+ */
+-int quota_to_bytes(char returnval[], char *quota) {
++int quota_to_bytes(char returnval[], const char *quota) {
+ double tmp;
++ int err = 0;
+
+ if (quota == NULL) { return 1; }
+- if ((tmp = atof(quota))) {
+- tmp *= 1048576;
+- sprintf(returnval, "%.0lf", tmp);
+- return 0;
++
++ /* first set errno to 0 to determine if an error occurs */
++ errno = 0;
++ tmp = strtod(quota, NULL);
++ err = errno;
++ if (err != 0) {
++ perror("quota_to_bytes");
++ return 1;
+ } else {
+- strcpy (returnval, "");
+- return 1;
++ tmp *= (1024*1024);
++ err = sprintf(returnval, "%.0lf", tmp);
++ if (err > 0) {
++ return 0;
++ } else {
++ returnval[0] = '\0';
++ return 1;
++ }
+ }
+ }
+ /* quota_to_megabytes: used to convert vpasswd representation of quota
+ to number of megabytes.
+ return value: 0 for success, 1 for failure
+ */
+-int quota_to_megabytes(char *returnval, char *quota) {
++int quota_to_megabytes(char *returnval, const char *quota) {
+ double tmp;
+- int i;
++ int err = 0;
++ size_t i;
+
+ if (quota == NULL) { return 1; }
+ i = strlen(quota);
++
++ errno = 0;
++ tmp = strtod(quota, NULL);
++ err = errno;
++ if (err != 0) {
++ perror("quota_to_megabytes");
++ return 1;
++ }
++
+ if ((quota[i-1] == 'M') || (quota[i-1] == 'm')) {
+- tmp = atol(quota); /* already in megabytes */
++ /* already in megabytes */
+ } else if ((quota[i-1] == 'K') || (quota[i-1] == 'k')) {
+- tmp = atol(quota) * 1024; /* convert kilobytes to megabytes */
+- } else if ((tmp = atol(quota))) {
+- tmp /= 1048576.0;
++ /* convert kilobytes to megabytes */
++ tmp *= 1024;
++ } else if (tmp != 0) {
++ /* convert bytes to megabytes */
++ tmp /= (1024*1024);
+ } else {
+- strcpy (returnval, "");
+- return 1;
++ returnval[0] = '\0';
++ return 1;
++ }
++
++ err = sprintf(returnval, "%.2lf", tmp);
++ if (err > 0) {
++ return 0;
++ } else {
++ returnval[0] = '\0';
++ return 1;
+ }
+- sprintf(returnval, "%.2lf", tmp);
+- return 0;
+ }
+
+ void print_user_index (char *action, int colspan, char *user, char *dom, time_t mytime)
+diff -Nurp qmailadmin-1.2.12/util.h qmailadmin-1.2.12.new/util.h
+--- qmailadmin-1.2.12/util.h 2007-09-21 19:27:40.000000000 -0400
++++ qmailadmin-1.2.12.new/util.h 2009-07-11 02:02:45.000000000 -0400
+@@ -25,8 +25,8 @@ void str_replace (char *, char, char);
+
+ void qmail_button(char *modu, char *command, char *user, char *dom, time_t mytime, char *png);
+
+-int quota_to_bytes(char[], char*); //jhopper prototype
+-int quota_to_megabytes(char[], char*); //jhopper prototype
++int quota_to_bytes(char[], const char*); //jhopper prototype
++int quota_to_megabytes(char[], const char*); //jhopper prototype
+
+ void print_user_index (char *action, int colspan, char *user, char *dom, time_t mytime);
+ char *cgiurl (char *action);
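Review bot: The `sprintf(returnval, "%.0lf", tmp)` in quota_to_bytes and the `"%.2lf"` one in quota_to_megabytes are still unbounded, because the new errno check only rejects values strtod itself cannot represent, and a large finite double still formats to several hundred digits. The size of returnval is set by callers outside this hunk, so the value should be range-checked before formatting: `char *end;`, `tmp = strtod(quota, &end);` and `if (err != 0 || end == quota || !(tmp >= 0 && tmp <= QUOTA_MAX)) { returnval[0] = '\0'; return 1; }`, where `QUOTA_MAX` is a placeholder for a ceiling chosen so the result fits the smallest caller buffer. Passing NULL as the end pointer also means non-numeric input now parses as 0, so quota_to_bytes returns success with "0" where the old atof branch returned 1. In quota_to_megabytes, `quota[i-1]` is still read for an empty string, now with `i` as a size_t, so an `if (i == 0) return 1;` guard is needed after the strlen.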
diff --git a/net-mail/qmailadmin/qmailadmin-1.2.15.ebuild b/net-mail/qmailadmin/qmailadmin-1.2.15.ebuild
index 3469eba8988c..17726bcf7d21 100644
--- a/net-mail/qmailadmin/qmailadmin-1.2.15.ebuild
+++ b/net-mail/qmailadmin/qmailadmin-1.2.15.ebuild
@@ -1,8 +1,8 @@
# Copyright 1999-2011 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
-# $Header: /var/cvsroot/gentoo-x86/net-mail/qmailadmin/qmailadmin-1.2.15.ebuild,v 1.2 2011/01/26 01:43:14 robbat2 Exp $
+# $Header: /var/cvsroot/gentoo-x86/net-mail/qmailadmin/qmailadmin-1.2.15.ebuild,v 1.3 2011/01/26 01:49:29 robbat2 Exp $
-inherit qmail eutils webapp
+inherit qmail eutils webapp autotools
# the RESTRICT is because the vpopmail lib directory is locked down
# and non-root can't access them.
@@ -31,6 +31,8 @@ src_unpack() {
unpack ${A}
cd "${S}"
epatch "${FILESDIR}"/${PN}-1.2.9-maildir.patch
+ epatch "${FILESDIR}"/${PN}-1.2.12-quota-overflow.patch
+ eautoreconf
}
src_compile() {
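Review bot: The `epatch` for the quota-overflow fix is added to the existing qmailadmin-1.2.15.ebuild without a revision bump, so hosts that already have 1.2.15 installed are likely not offered a rebuild and keep the unpatched binary; a security fix would normally ship as a new `-r1` ebuild. The Manifest in this commit still lists the 1.2.10 and 1.2.12 ebuilds, which the commit does not touch, so those versions still build without the patch even though the patch is named for 1.2.12. The patch changes only util.c and util.h, so `eautoreconf` and the new `autotools` inherit look unnecessary for it; if they are needed for another reason, a comment such as `# eautoreconf: <reason>` above the call would record why. src_unpack begins outside this hunk.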